CVE-2024-40711

CRITICAL KEV RANSOMWARE NUCLEI

Veeam Backup & Replication 12.0.0.1420 through 12.2.0.334 - Deserialization RCE

Title source: llm
STIX 2.1

Description

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Exploits (2)

nomisec WORKING POC 55 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/CVE-2024-40711
nomisec WORKING POC 42 stars
by realstatus · poc
https://github.com/realstatus/CVE-2024-40711-Exp

Nuclei Templates (1)

Veeam Backup & Replication - Unauthenticated
CRITICALVERIFIEDby rootxharsh,iamnoooob,DhiyaneshDK
Shodan: html:"Veeam Backup"

References (3)

Scores

CVSS v3 9.8
EPSS 0.6820
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-10-17
VulnCheck KEV 2024-04-23
InTheWild.io 2024-10-17
ENISA EUVD EUVD-2024-38578
Ransomware Use Confirmed
CWE
CWE-502
Status published
Products (1)
veeam/veeam_backup_\&_replication 12.0.0.1420 - 12.2.0.334
Published Sep 07, 2024
KEV Added Oct 17, 2024
Tracked Since Feb 18, 2026